diff options
Diffstat (limited to 'bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java')
-rw-r--r-- | bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java | 45 |
1 files changed, 23 insertions, 22 deletions
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java index a9f1a37a3..780605012 100644 --- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java +++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleHook.java @@ -184,16 +184,17 @@ public class SignedBundleHook implements ActivatorHookFactory, BundleFileWrapper public void addHooks(HookRegistry hookRegistry) { container = hookRegistry.getContainer(); hookRegistry.addActivatorHookFactory(this); - String[] support = ManifestElement.getArrayFromList(hookRegistry.getConfiguration().getConfiguration(SIGNED_CONTENT_SUPPORT, hookRegistry.getConfiguration().getConfiguration(SIGNED_BUNDLE_SUPPORT)), ","); //$NON-NLS-1$ - for (int i = 0; i < support.length; i++) { - if (SUPPORT_CERTIFICATE.equals(support[i])) + String[] supportOptions = ManifestElement.getArrayFromList(hookRegistry.getConfiguration().getConfiguration(SIGNED_CONTENT_SUPPORT, hookRegistry.getConfiguration().getConfiguration(SIGNED_BUNDLE_SUPPORT)), ","); //$NON-NLS-1$ + for (String supportOption : supportOptions) { + if (SUPPORT_CERTIFICATE.equals(supportOption)) { supportSignedBundles |= VERIFY_CERTIFICATE; - else if (SUPPORT_TRUST.equals(support[i])) + } else if (SUPPORT_TRUST.equals(supportOption)) { supportSignedBundles |= VERIFY_CERTIFICATE | VERIFY_TRUST; - else if (SUPPORT_RUNTIME.equals(support[i])) + } else if (SUPPORT_RUNTIME.equals(supportOption)) { supportSignedBundles |= VERIFY_CERTIFICATE | VERIFY_RUNTIME; - else if (SUPPORT_TRUE.equals(support[i]) || SUPPORT_ALL.equals(support[i])) + } else if (SUPPORT_TRUE.equals(supportOption) || SUPPORT_ALL.equals(supportOption)) { supportSignedBundles |= VERIFY_ALL; + } } trustEngineNameProp = hookRegistry.getConfiguration().getConfiguration(SignedContentConstants.TRUST_ENGINE); @@ -333,17 +334,17 @@ public class SignedBundleHook implements ActivatorHookFactory, BundleFileWrapper void determineTrust(SignedContentImpl trustedContent, int supportFlags) { TrustEngine[] engines = null; SignerInfo[] signers = trustedContent.getSignerInfos(); - for (int i = 0; i < signers.length; i++) { + for (SignerInfo signer : signers) { // first check if we need to find an anchor - if (signers[i].getTrustAnchor() == null) { + if (signer.getTrustAnchor() == null) { // no anchor set ask the trust engines if (engines == null) engines = getTrustEngines(); // check trust of singer certs - Certificate[] signerCerts = signers[i].getCertificateChain(); - ((SignerInfoImpl) signers[i]).setTrustAnchor(findTrustAnchor(signerCerts, engines, supportFlags)); + Certificate[] signerCerts = signer.getCertificateChain(); + ((SignerInfoImpl) signer).setTrustAnchor(findTrustAnchor(signerCerts, engines, supportFlags)); // if signer has a tsa check trust of tsa certs - SignerInfo tsaSignerInfo = trustedContent.getTSASignerInfo(signers[i]); + SignerInfo tsaSignerInfo = trustedContent.getTSASignerInfo(signer); if (tsaSignerInfo != null) { Certificate[] tsaCerts = tsaSignerInfo.getCertificateChain(); ((SignerInfoImpl) tsaSignerInfo).setTrustAnchor(findTrustAnchor(tsaCerts, engines, supportFlags)); @@ -356,17 +357,17 @@ public class SignedBundleHook implements ActivatorHookFactory, BundleFileWrapper if ((supportFlags & SignedBundleHook.VERIFY_TRUST) == 0) // we are not searching the engines; in this case we just assume the root cert is trusted return certs != null && certs.length > 0 ? certs[certs.length - 1] : null; - for (int i = 0; i < engines.length; i++) { - try { - Certificate anchor = engines[i].findTrustAnchor(certs); - if (anchor != null) - // found an anchor - return anchor; - } catch (IOException e) { - // log the exception and continue - log("TrustEngine failure: " + engines[i].getName(), FrameworkLogEntry.WARNING, e); //$NON-NLS-1$ + for (TrustEngine engine : engines) { + try { + Certificate anchor = engine.findTrustAnchor(certs); + if (anchor != null) + // found an anchor + return anchor; + } catch (IOException e) { + // log the exception and continue + log("TrustEngine failure: " + engine.getName(), FrameworkLogEntry.WARNING, e); //$NON-NLS-1$ + } } - } - return null; + return null; } } |